Audit shows IRS failed to adequately identify security weaknesses

By
Follow google news

The U.S. Internal Revenue Service used a flawed and ineffective process for monitoring system security weaknesses, according to a report recently released by the Treasury Inspector General for Tax Administration.

The IRS failed to accurately and completely describe security weaknesses, understated the number of weaknesses, and overstated progress in addressing the weaknesses, the report said.


Specifically, the agency prepared nearly identical reports for each system, noting only broad control topics rather than specific problems.

Also, the IRS assumed that if a system was certified and accredited, then nearly all of its weaknesses had been addressed. "This assumption is not valid since certified and accredited systems can still have security weaknesses," the IG wrote.

As a result of the flawed process, the information given to the Office of Management and Budget and the Inspector General has been "inaccurate and misleading," according to the audit.

IRS management agreed with the audit's findings and has established a working group to develop an approach for managing the process.

www.treas.gov/tigta

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:
auditfailedidentifyirssecurityshowstoweaknesses

Sponsored Whitepapers

Make cloud predictable again
Make cloud predictable again
Cut through the SASE confusion
Cut through the SASE confusion
AI Readiness Starts Here: Build a Future-Proof, Value-Driven AI Strategy with Brennan
AI Readiness Starts Here: Build a Future-Proof, Value-Driven AI Strategy with Brennan
Build the Infrastructure for Your AI Revolution
Build the Infrastructure for Your AI Revolution
2026 Engineering Reality Report
2026 Engineering Reality Report

Events

Most Read Articles

Optus takes $826,000 hit for anti-scam breaches

Optus takes $826,000 hit for anti-scam breaches
Australia's AUKUS base to connect to subsea cables

Australia's AUKUS base to connect to subsea cables
Australia, US and UK sanction Russian cyber firms over ransomware links

Australia, US and UK sanction Russian cyber firms over ransomware links
JPMorgan, Citi, Morgan Stanley client data may be exposed by vendor's hack

JPMorgan, Citi, Morgan Stanley client data may be exposed by vendor's hack
techpartner.news logo
Sydney-based AI-cloud waste startup raises $3m
Sydney-based AI-cloud waste startup raises $3m
Brennan uses NiCE to modernise its contact centre
Brennan uses NiCE to modernise its contact centre
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Interactive introduces private cloud platform
Interactive introduces private cloud platform
Digital61 expands cybersecurity portfolio
Digital61 expands cybersecurity portfolio

Log In

  |  Forgot your password?